Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of <iframe>, <video>, and <audio> elements, leaving all other attributes unchecked. As a result, an attacker can inject arbitrary HTML through srcdoc, completely defeating CryptPad's intended bounce sandboxing and enabling link injection or other interactive content within user-controlled documents. The root cause lies in how the sanitizer classifies and enforces tag restrictions: although it defines both forbidden and restricted tag lists, <iframe> is treated as "restricted" rather than "forbidden." Enforcement then inspects only the src attribute, so pairing a benign blob: src with a malicious srcdoc results in unrestricted rendering. This issue has been fixed in version 2026.2.0.
AnalysisAI
HTML sanitizer bypass in CryptPad's Diffmarked.js allows remote unauthenticated attackers to inject arbitrary HTML into collaborative documents, completely defeating the platform's bounce sandboxing mechanism. All CryptPad versions prior to 2026.2.0 are affected; the CVSS scope change (S:C) reflects that exploitation crosses sandbox boundaries, enabling link injection and delivery of malicious interactive content to any user who opens a crafted document. No public exploit code has been identified at time of analysis and this CVE is not listed in CISA KEV, though the attack vector is network-accessible with no authentication required.
Technical ContextAI
CryptPad is an end-to-end encrypted collaborative office suite; Diffmarked.js is its HTML sanitizer component responsible for enforcing content security within user documents. The root cause is CWE-116 (Improper Encoding or Escaping of Output): the sanitizer defines both a 'forbidden' and a 'restricted' tag list, but incorrectly classifies <iframe>, <video>, and <audio> as 'restricted' rather than 'forbidden.' Enforcement logic for restricted tags inspects only the src attribute - requiring a benign blob: URL - while leaving all other attributes, including srcdoc, completely unchecked. The HTML srcdoc attribute allows an entire HTML document to be rendered inline inside an iframe, so pairing a blob: src (which passes the check) with a malicious srcdoc payload results in unrestricted HTML rendering. This bypasses CryptPad's intended bounce sandbox design, which relies on isolating untrusted content in sandboxed iframes. The affected CPE is cpe:2.3:a:cryptpad:cryptpad:*:*:*:*:*:*:*:* covering all versions prior to 2026.2.0.
RemediationAI
The primary fix is to upgrade CryptPad to version 2026.2.0 or later, which resolves the incomplete attribute filtering in Diffmarked.js. The patched release is confirmed at https://github.com/cryptpad/cryptpad/releases/tag/2026.2.0 and the security advisory is published at https://github.com/cryptpad/cryptpad/security/advisories/GHSA-g2g4-47gv-p72v. For self-hosted deployments that cannot immediately upgrade, a compensating control would be to restrict document sharing to trusted internal users only, limiting the attacker's ability to deliver crafted documents to targets - however, this trade-off significantly degrades collaboration functionality. Disabling the rich-text or markdown editor features that invoke Diffmarked.js would mitigate the attack surface but would render core document editing unusable. There is no partial patch or configuration flag available; upgrading to 2026.2.0 is the only fully effective remediation.
Same weakness CWE-116 – Improper Encoding or Escaping of Output
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31154
GHSA-g2g4-47gv-p72v